Solved

how to remove newfolder.exe, Bimat.exe and IEXPLORER.exe

Posted on 2009-05-05
Last Modified: 2013-11-05
Hi Friends,

I am facing a lot of problems regarding the infection in our network by newfolder.exe, Bimat.exe and IEXPLORER.exe. I am using the Combofix and SDFix tools to clean; it works perfectly, but the users get the same problem again after 1 or 2 days. Maybe this is happening because of the network, and I can't clean the network within one or two days because we have more than 100 PCs. We are using Kaspersky and ESET Nod32 Antivirus only, so is there any tool that will remove it from the network, or any anti-spyware or other software that will be helpful and protect our network? An acceptable answer from anyone will be helpful to me.
Question by:cscdubai
4 Comments
 
LVL 11

Expert Comment

by:NaturaTek
ID: 24311489
CSC,

I feel your pain. If I were you, I would reinstall and make an image with Acronis. When users cause damage, just reimage them in 6 minutes and copy their data back on for WORST case scenarios.
If you have more than 100 PCs, this is ideal. It will save you lots of work down the road.

However, to clean up in your situation I would first disable System Restore. Download CCleaner from ccleaner.com.
Download SUPERAntiSpyware (superantispyware.com) and Malwarebytes Anti-Malware (malwarebytes.org).

Boot into safe mode. Run CCleaner. The reason I do CCleaner first is because it will clean out all temp files, caches, etc., so you don't have to spend an extra hour or so scanning nonsense files.
Run Malwarebytes, do a full scan, remove all selected when done, and reboot in safe mode. Run SUPERAntiSpyware, do a full scan, remove all selected, and reboot in safe mode.

Download Autoruns from Microsoft. Run it and see if you find any strange service/driver/app loading up that you know for sure is not related to the OS or your environment. Delete them.

Boot normally and see if you are cleaned.

Combofix in safe mode is a last step in my book. ESET is good, so is Kaspersky, and many others. In my years of experience I find one antivirus finds something another won't. The same applies to antispyware programs.

Believe it or not, for a business environment I would stick with Kaspersky or Symantec Endpoint Protection, because it is very strict and configurable in network environments.

If you are using ESET 4.0, go into options and create yourself a bootable CD from there, so you can boot from the ESET CD and scan without even booting into Windows. Same with Kaspersky; I think they have that option as well now.

Of course, before running any scan, or creating a boot scan CD, be sure to update definition files to the current date.

I do swear by a good antivirus used in combination with Malwarebytes and SUPERAntiSpyware. I don't run them all together; I do run the last 2 as maintenance every week or two, or the moment a user did web browsing in the underworlds.

I would create policies to prohibit installation of rogue programs and create security in Internet Explorer preventing sites with keywords or designated sites. Of course if you guys have some network rackmount items, you can create rules to prohibit sites into your network.

Doesn't matter if you clean and clean, users will be users and will click on every dang thing on the web, in a few days, computer will be infected all over again.

I do find Symantec Endpoint or ESET RUNNING alongside Malwarebytes in REAL TIME (this is a paid feature) to be VERY effective.

Best wishes
0
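As an added example (not part of the original answer), the Autoruns review step above can be scaled to 100+ PCs by exporting each machine's autostart entries to CSV and checking all exports in one pass for the three file names from the question. The host names, paths and sample rows are constructed, and the column names are assumed to match the header row of the export.

```python
import csv
import io
import ntpath

# Names from the question. Exact, case-insensitive match on the file name only,
# so the legitimate Internet Explorer binary (iexplore.exe) is not flagged.
SUSPECT_NAMES = {"newfolder.exe", "bimat.exe", "iexplorer.exe"}

# Constructed sample exports, one per host (host names and paths are made up).
# Column names are an assumption about the export's header row.
SAMPLE_EXPORTS = {
    "PC-017": r'''Entry Location,Entry,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,avtray,C:\Program Files\AV\avtray.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,Bimat,C:\example\BIMAT.EXE
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ie,C:\Program Files\Internet Explorer\iexplore.exe
''',
    "PC-042": r'''Entry Location,Entry,Image Path
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,nf,"""C:\example\New Folder\NewFolder.exe"""
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,ie,C:\example\IEXPLORER.exe
''',
    "PC-099": r'''Entry Location,Entry,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,avtray,C:\Program Files\AV\avtray.exe
''',
}

def image_name(path):
    """Lower-cased file name of a Windows path, tolerating surrounding quotes."""
    return ntpath.basename(path.strip().strip('"')).lower()

def flag_entries(csv_text):
    """Return (location, entry, image path) for rows whose file name is suspect."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = row.get("Image Path") or ""
        if image_name(path) in SUSPECT_NAMES:
            hits.append((row["Entry Location"], row["Entry"], path))
    return hits

def triage(exports):
    """Map each host with at least one suspect autostart entry to its hits."""
    report = {host: flag_entries(text) for host, text in exports.items()}
    return {host: hits for host, hits in report.items() if hits}

if __name__ == "__main__":
    for host, hits in sorted(triage(SAMPLE_EXPORTS).items()):
        for location, entry, path in hits:
            print(f"{host}: {entry} -> {path} ({location})")
```

Hosts that keep reappearing in the report after cleaning are the ones to reimage or isolate first.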
 

Author Comment

by:cscdubai
ID: 24408984
But whatever comment you gave, it was really not helpful to me. I tried it but failed.
 
LVL 11

Expert Comment

by:NaturaTek
ID: 24409024
I don't know the level of your infection. If you tried Combofix and all else I posted above, then perhaps your system is infected with a certain rootkit, cloaked malware, to a point where it might not even be worth it to repair.

If you did the scans above, please post the log of Malwarebytes here, and the log of Combofix here.
Download HijackThis: http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
And post the log here.

In the meantime, back up your important documents. Pull out your Windows XP CD and consider deleting your partition, recreating it and reinstalling Windows XP.
Leave your Windows XP CD in the CD-ROM drive; when you boot up it should start the CD. If not, go into the BIOS and select the CD-ROM in boot priority to be 1st. XP install will guide you on deleting your existing installation.

 

Accepted Solution

by: cscdubai earned 0 total points
ID: 24730144
Now ESET Nod32 is detecting and cleaning these infections.
